removing debugfs

Kees Cook kees at
Mon Jan 24 22:13:48 UTC 2011


I have yet another unpopular request: I want to remove debugfs completely
from the built kernels. Upstream continues to put dangerous things in it,
and I want to avoid the problems completely.

I think any userspace tools that need debugfs should be adjusted to use
other non-debug interfaces. If debugfs is really intended only for
debugging, it should stay unavailable. And I don't mean unmounted; I want
to make sure it's not compiled in at all.

Of the most concern is the /sys/kernel/debug/acpi/custom_method interface.
While recently fixed for non-root users, it still basically allows
arbitrary memory writing[1]. This is a total bypass for the /dev/mem
and /dev/kmem restrictions that are used to help protect against
kernel rootkits.

I think we should identify everything that is using debugfs, open bugs
for that stuff so it can be fixed before release, and then remove debugfs
from the kernel.




Kees Cook
Ubuntu Security Team
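
The message distinguishes debugfs being unmounted from debugfs not being compiled in at all. The script below is an added example of how to check which state a host is in; it is not part of the original message or of any Ubuntu tooling. The function names are hypothetical, and the inputs are assumed to be in the format of /proc/filesystems, /proc/mounts and a kernel build config file.

```shell
#!/bin/sh
# Added example. Function names are hypothetical.

# debugfs_state [FILESYSTEMS] [MOUNTS]
# Prints "absent", "compiled-in unmounted" or "mounted <path>...".
debugfs_state() {
    fs_file=${1:-/proc/filesystems}
    mnt_file=${2:-/proc/mounts}
    # /proc/mounts columns: device mountpoint fstype options dump pass
    mounts=$(awk '$3 == "debugfs" { print $2 }' "$mnt_file" | tr '\n' ' ')
    mounts=${mounts% }
    if [ -n "$mounts" ]; then
        echo "mounted $mounts"
    elif awk '$NF == "debugfs" { f = 1 } END { exit(f ? 0 : 1) }' "$fs_file"; then
        # /proc/filesystems lists filesystems registered with the running kernel
        echo "compiled-in unmounted"
    else
        echo "absent"
    fi
}

# config_has_debugfs CONFIG_FILE
# Succeeds if a kernel build config enables debugfs (CONFIG_DEBUG_FS=y).
config_has_debugfs() {
    grep -q '^CONFIG_DEBUG_FS=y' "$1"
}

# custom_method_exposed [MOUNTS]
# Succeeds if acpi/custom_method exists under any mounted debugfs.
custom_method_exposed() {
    for mp in $(awk '$3 == "debugfs" { print $2 }' "${1:-/proc/mounts}"); do
        [ -e "$mp/acpi/custom_method" ] && return 0
    done
    return 1
}

# Demo on constructed sample inputs (not taken from a real host).
demo() {
    d=$(mktemp -d)
    printf 'nodev\tsysfs\nnodev\tdebugfs\n\text4\n' > "$d/filesystems"
    printf 'none /sys/kernel/debug debugfs rw,relatime 0 0\n' > "$d/mounts"
    printf 'sysfs /sys sysfs rw 0 0\n' > "$d/mounts_none"
    debugfs_state "$d/filesystems" "$d/mounts"        # mounted
    debugfs_state "$d/filesystems" "$d/mounts_none"   # compiled in, unmounted
    rm -rf "$d"
}
demo
```

On a live host, calling the functions with no arguments reads /proc directly; `config_has_debugfs "/boot/config-$(uname -r)"` checks an installed kernel's build config, assuming the distribution ships it at that path.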
